Login Credentials Sent In Clear Text

Description

During the scan, Kayran found that login credentials are sent in clear text.
This vulnerability occurs when a user’s credentials are transmitted unencrypted. Credentials must be transmitted over HTTPS to prevent malicious users from intercepting them.

An attacker in a man-in-the-middle (MITM) position could intercept the traffic and retrieve the credentials that are sent in clear text. The software transmits sensitive or security-critical data in clear text over a communication channel that can be sniffed by unauthorized actors.

Recommendation

To prevent this vulnerability, make sure that the site transmits credentials to the server only over trusted and encrypted connections (HTTPS).

References

https://cwe.mitre.org/data/definitions/319.html
